We show that the techniques for resource control that have been developed in the so-called "light
logics" can be fruitfully applied also to process algebras. In particular, we present a restriction of
Higher-Order π-calculus inspired by Soft Linear Logic. We prove that any soft process terminates
in polynomial time. We argue that the class of soft processes may be naturally enlarged so that 
interesting processes are expressible, still maintaining the polynomial bound on executions. 

1 Introduction 

A term terminates if all its reduction sequences are of finite length. As far as programming languages are 
concerned, termination means that computation in programs will eventually stop. In computer science, 
termination has been extensively investigated in sequential languages, where strong normalization is a 
synonym more commonly used. 

Termination is however interesting also in concurrency. While large concurrent systems often are 
supposed to run forever (e.g., an operating system, or the Internet itself), single components are usually 
expected to terminate. For instance, if we query a server, we may want to know that the server does not 
go on forever trying to compute an answer. Similarly, when we load an applet we would like to know 
that the applet will not run forever on our machine, possibly absorbing all the computing resources. In 
general, if the lifetime of a process can be infinite, we may want to know that the process does not remain 
alive simply because of nonterminating internal activity, and that, therefore, the process will eventually 
accept interactions with the environment. 

Another motivation for studying termination in concurrency is to exploit it within techniques aimed 
at guaranteeing properties such as responsiveness and lock-freedom [9], which intuitively indicate that
certain communications or synchronizations will eventually succeed (possibly under some fairness
assumption). In message-passing languages such as those in the π-calculus family (Join Calculus,
Higher-Order π-calculus, Asynchronous π-calculus, etc.) most liveness properties can be reduced to instances
of lock-freedom. Examples, in a client-server system, are the liveness properties that a client request will
eventually be received by the server, or that a server, once it has accepted a request, will eventually send back
an answer.

However, termination alone may not be satisfactory. If a query to a server produces a computation
that terminates after a very long time, from the client's point of view this may be the same as a
nonterminating (or failed) computation. Similarly, an applet loaded on our machine that starts a very long
computation may engender an unacceptable consumption of local resources, and may possibly be
considered a "denial of service" attack. In other words, without precise bounds on the time to complete a
computation, termination may be indistinguishable from nontermination.

Type disciplines are among the most general techniques to ensure termination of programs. Both 
in the sequential and in the concurrent case, type systems have been designed to characterize classes 
of terminating programs. It is interesting that, from the fact that a program has a type, we may often 
extract information on the structure of the program itself (e.g., for the simple types, the program has
no self applications). If termination (or, more generally, some property of the computation) is the main
interest, it is only this structure that matters, and not the specifics of the types. In this paper we take this
perspective, and apply to a certain class of programs (Higher-Order π-calculus terms) the structural
restrictions suggested by the types of Soft Linear Logic [10], a fragment of Linear Logic [7] characterizing
polynomial time computations.

An essential contribution of Linear Logic has been the refinement it allows on the analysis of
computation. The (previously atomic) step of function application is decomposed into a duplication phase
(during which the argument is duplicated the exact number of times it will be needed during the
computation), followed by the application of a linear function (which will use each argument exactly once).
The emphasis here is not on restricting the class of programs — in many cases, any traditional program
(e.g., any λ-term, even a divergent one) could be annotated with suitable scope information (boxes, in
the jargon) in such a way that the annotated program behaves as the original one. However, the new
annotations embed information on the computational behavior that was unexpressed (and inexpressible) 
before. In particular, boxes delimit those parts of data that will be (or may be) duplicated or erased during 
computation. 

It is at this stage that one may apply restrictions. By building on the scopes exposed in the new
syntax, we may restrict the computational behavior of a term. In the sequential case several achievements
have been obtained via the so-called light logics HH21QI1, which allow for type systems for λ-calculus
exactly characterizing several complexity classes (notably, elementary time, polynomial time,
polynomial space, logarithmic space). This is obtained by limitations on the way the scopes (boxes) may be
manipulated. For the larger complexity classes (e.g., elementary time) one forbids that during
computation one scope may enter inside another scope (their nesting depth remains constant). For smaller classes
(e.g., polynomial time) one also forbids that a duplicating computation could drive another duplication.
The exact way this is obtained depends on the particular discipline (either à la Light Linear Logic, or à
la Soft Linear Logic).

The aim of this paper is to apply for the first time these technologies to the concurrent case, in
particular to Higher-Order π-calculus [12]. We closely follow the pattern we have delineated above.
First, we introduce (higher-order) processes, which we then annotate with explicit scopes, where the new
construct "!" marks duplicable entities. This is indeed a refinement, and not a restriction — any process
in the first calculus may be simulated by an annotated one. We then introduce our main object of study
— annotated processes restricted with the techniques of Soft Linear Logic. We show that the number of
internal actions performed by processes of this calculus is polynomially bounded (Section 4), a property
that we call feasible termination. Moreover, an extension of the calculus capturing a natural example
will be presented (Section 5).

We stress that we used in the paper a pragmatic approach — take from the logical side tools and 
techniques that may be suitable to obtain general bounds on the computing time of processes. We are not 
looking for a general relation between logical systems and process algebras that could realize a form of 
Curry-Howard correspondence among the two. That would be a much more ambitious goal, for which 
other techniques — and different success criteria — should be used. 

Related Work A number of works have recently studied type systems that ensure termination in
mobile processes, e.g. [14, 3, 4]. They are quite different from the present paper. First, the techniques
employed are measure-based techniques, or logical relations, or combinations of these, rather than
techniques inspired by linear logics, as done here. Secondly, the objective is pure termination, whereas here
we aim at deriving polynomial bounds on the number of steps that lead to termination. (In some of the
measure-based systems bounds can actually be derived, but they are usually exponential with respect to
integer annotations that appear in the types.) Thirdly, with the exception of [4], all works analyse
name-passing calculi such as the π-calculus, whereas here we consider higher-order calculi in which terms of
the calculus are exchanged instead of names.

Linear Logic has been applied to mobile processes by Ehrhard and Laurent O, who have
studied encodings of π-calculus-like languages into Differential Interaction Nets (H, an extension of the
Multiplicative Exponential fragment of Linear Logic. The encodings are meant to be tests for the
expressiveness of Differential Interaction Nets; the issue of termination does not arise, as the process calculi
encoded are finitary. Amadio and Dabrowski [1] have applied ideas from term rewriting to a π-calculus
enriched with synchronous constructs à la Esterel. Computation in processes proceeds synchronously,
divided into cycles called instants. A static analysis and a finite-control condition guarantee that, during 
each instant, the size of a program and the times it takes to complete the instant are polynomial on the 
size of the program and the input values at the beginning of the instant. 

2 Higher-Order Processes 

This section introduces the syntax and the operational semantics of processes. We call HOπ the
calculus of processes we are going to define (it is the calculus $\mathrm{HO}\pi^{\mathsf{unit},\rightarrow\diamond}$ in [12]). In HOπ the values
exchanged in interactions can be first-order values and higher-order values, i.e., terms containing
processes. For economy, the only first-order value employed is the unit value $\star$, and the only higher-order
values are parametrised processes, called abstractions (thus we forbid direct communication of processes;
to communicate a process we must add a dummy parameter to it). The process constructs are nil, parallel
composition, input, output, restriction, and application. Application is the destructor for abstraction: it
allows us to instantiate the formal parameters of an abstraction. Here is the complete grammar:

$$P ::= \mathbf{0} \mid P \parallel P \mid a(x).P \mid \overline{a}\langle V\rangle.P \mid (\nu a)P \mid V\,V;$$
$$V ::= \star \mid x \mid \lambda x.P;$$

where a ranges over a denumerable set ^ of channels, and x over the denumerable set of variables. Input, 
restriction, and abstractions are binding constructs, and give rise in the expected way to the notions of 
free and bound channels and of free and bound variables, as well as of α-conversion.

Ill-formed terms such as $\star\,\star$ can be avoided by means of a type system. The details are standard and
are omitted here; see [12].

The operational semantics, in the reduction style, is presented in Figure 1 and uses the auxiliary
relation of structural congruence, written $\equiv$. This is the smallest congruence closed under the following
rules:

$$P \equiv Q \quad\text{if } P \text{ and } Q \text{ are } \alpha\text{-equivalent};$$
$$P \parallel (Q \parallel R) \equiv (P \parallel Q) \parallel R;$$
$$P \parallel Q \equiv Q \parallel P;$$
$$(\nu a)((\nu b)P) \equiv (\nu b)((\nu a)P);$$
$$(\nu a)(P \parallel Q) \equiv ((\nu a)P) \parallel Q \quad\text{if } a \text{ is not free in } Q;$$

Unlike other presentations of structural congruence, we disallow the garbage-collection laws $P \parallel \mathbf{0} \equiv P$
and $(\nu a)\mathbf{0} \equiv \mathbf{0}$, which are troublesome for our resource-sensitive analysis. The reduction relation is
written $\rightarrow_{\mathsf{P}}$, and is defined on processes without free variables.
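
$$\overline{a}\langle V\rangle.P \parallel a(x).Q \rightarrow_{\mathsf{P}} P \parallel Q[x/V] \qquad (\lambda x.P)V \rightarrow_{\mathsf{P}} P[x/V]$$

$$\dfrac{P \rightarrow_{\mathsf{P}} Q}{P \parallel R \rightarrow_{\mathsf{P}} Q \parallel R} \qquad \dfrac{P \rightarrow_{\mathsf{P}} Q}{(\nu a)P \rightarrow_{\mathsf{P}} (\nu a)Q} \qquad \dfrac{P \equiv Q \quad Q \rightarrow_{\mathsf{P}} R \quad R \equiv S}{P \rightarrow_{\mathsf{P}} S}$$

Figure 1: The operational semantics of HOπ processes.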



In general, the relation $\rightarrow_{\mathsf{P}}$ is nonterminating. The prototypical example of a nonterminating process
is the following process OMEGA:

$$\mathrm{OMEGA} = (\nu a)(\mathrm{DELTA}\,\star \parallel \overline{a}\langle\mathrm{DELTA}\rangle), \quad\text{where } \mathrm{DELTA} = \lambda y.(a(x).(x\,\star \parallel \overline{a}\langle x\rangle)).$$

Indeed, it holds that $\mathrm{OMEGA} \rightarrow_{\mathsf{P}} \mathrm{OMEGA}$. Variants of the construction employed for OMEGA can be
used to show that process recursion can be modelled in HOπ. An example of this construction is the
following SERVER process. It accepts a request y on channel b and forwards it along c. After that, it
can handle another request from b. In contrast to OMEGA, SERVER is terminating, because there is no
infinite reduction sequence starting from SERVER. On the other hand, the number of requests SERVER can handle
is unlimited, i.e., SERVER can be engaged in an infinite sequence of interactions with its environment.

$$\mathrm{SERVER} = (\nu a)(\mathrm{COMP}\,\star \parallel \overline{a}\langle\mathrm{COMP}\rangle);$$
$$\mathrm{COMP} = \lambda z.(a(x).(b(y).\overline{c}\langle y\rangle.\overline{a}\langle x\rangle \parallel x\,\star)).$$

A remark on notation: in this paper, ! is the Linear Logic operator (more precisely, an operator
derived from Linear Logic), and should not be confused with the replication operator often used in
process calculi such as the π-calculus.

3 Linearizing Processes

Linear Logic can be seen as a way to decompose the type of functions $A \rightarrow B$ into a refined type $!A \multimap B$.
Since the argument (in A) may be used several (or zero) times to compute the result in B, we first turn the
input into a duplicable (and erasable) object (of type !A). We now duplicate (or erase) it the number of
times it is needed, and finally we use each of the copies exactly once to obtain the result (this is the linear
function space $\multimap$). The richer language of types (with the new constructors ! and $\multimap$) is matched by new
term constructs, whose goal is to explicitly enclose in marked scopes (boxes) those subterms that may be
erased or duplicated. In the computational process we described above, there are three main ingredients:
(i) the mark on a duplicable/erasable entity; (ii) its actual duplication/erasure; (iii) the linear use of the
copies. For reasons that cannot be discussed here (see Wadler's [13] for the notation we will use) we
may adopt a syntax where the second step (duplication) is not made fully explicit (thus resulting in a
simpler language), and where the crucial distinction is made between linear functions (denoted by the
usual syntax $\lambda x.P$ — but interpreted in a strictly linear way: x occurs once in P), and nonlinear functions,
denoted with $\lambda{!}x.P$, where the x may occur several (or zero) times in P. When a nonlinear function is
applied, its actual argument will be duplicated or erased. We enclose the argument in a box to record this
fact, using an eponymous unary operator ! also on terms. Since we want to control the computational
behavior of duplicable entities, a term in a !-box is protected and cannot be reduced. Only when it will
be fed to a (nonlinear) function, and thus (transparently) duplicated, its box will be opened (the mark !
disappears) and the content will be reduced.

Figure 2: Processes and values in LHOπ.

The constructs on terms arising from Linear Logic have a natural counterpart in higher-order
processes, where communication and abstraction play a similar role. This section introduces a linearization
of HOπ, that we here dub LHOπ. The grammars of processes and values are as follows:

$$P ::= \mathbf{0} \mid P \parallel P \mid a(x).P \mid a(!x).P \mid \overline{a}\langle V\rangle.P \mid (\nu a)P \mid V\,V;$$
$$V ::= \star \mid x \mid \lambda x.P \mid \lambda{!}x.P \mid {!}V.$$

On top of the grammar, we must enforce the linearity constraints, which are expressed by the rules in
Figure 2. They prove judgements in the form $\Gamma \vdash_{\mathsf{P}} P$ and $\Gamma \vdash_{\mathsf{V}} V$, where $\Gamma$ is a context consisting of a
finite set of variables — a single variable may appear in $\Gamma$ either as $x$ or as $!x$, but not both. Examples of
contexts are $x, !y$; or $x, y, z$; or the empty context $\emptyset$. As usual, we write $!\Gamma$ when all variables of the context
(if any) are !-marked. A process P (respectively, a value V) is well-formed iff there is a context $\Gamma$ such
that $\Gamma \vdash_{\mathsf{P}} P$ (respectively, $\Gamma \vdash_{\mathsf{V}} V$). In the rules with two premises, observe the implicit contractions on
!-marked variables in the context — they allow for transparent duplication. The depth of (an occurrence
of) a variable x in a process or value is the number of instances of the ! operator it is enclosed in. As an
example, if $P = (!x)(y)$, then x has depth 1, while y has depth 0.

A judgement $\Gamma \vdash_{\mathsf{P}} P$ can informally be interpreted as follows. Any variable appearing as $x$ in $\Gamma$ must
occur free exactly once in P; moreover the only occurrence of x is at depth 0 in P (that is, it is not in the
scope of any !). On the other hand, any variable y appearing as $!y$ in $\Gamma$ may occur free any number of
times in P, at any depth. Variables like x are linear, while those like y are nonlinear. Nonlinear variables
may only be bound by nonlinear binders (which have a ! to recall this fact).

The operational semantics of LHOπ is a slight variation on the one of HOπ, and can be found in
Figure 3. The two versions of communication and abstraction (i.e., the linear and the nonlinear one)
are governed by two distinct rules. In the nonlinear case the argument to the function (or the value sent
through a channel) must be in the correct duplicable form $!V$. Well-formation is preserved by reduction:

Lemma 1 (Subject Reduction) If $\vdash_{\mathsf{P}} P$ and $P \rightarrow_{\mathsf{L}} Q$, then $\vdash_{\mathsf{P}} Q$.
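
$$\overline{a}\langle V\rangle.P \parallel a(x).Q \rightarrow_{\mathsf{L}} P \parallel Q[x/V] \qquad (\lambda x.P)V \rightarrow_{\mathsf{L}} P[x/V]$$

$$\overline{a}\langle !V\rangle.P \parallel a(!x).Q \rightarrow_{\mathsf{L}} P \parallel Q[x/V] \qquad (\lambda{!}x.P)\,{!}V \rightarrow_{\mathsf{L}} P[x/V]$$

$$\dfrac{P \rightarrow_{\mathsf{L}} Q}{P \parallel R \rightarrow_{\mathsf{L}} Q \parallel R} \qquad \dfrac{P \rightarrow_{\mathsf{L}} Q}{(\nu a)P \rightarrow_{\mathsf{L}} (\nu a)Q} \qquad \dfrac{P \equiv Q \quad Q \rightarrow_{\mathsf{L}} R \quad R \equiv S}{P \rightarrow_{\mathsf{L}} S}$$

Figure 3: The operational semantics of LHOπ processes.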
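
3.1 Embedding Processes into Linear Processes

Processes (and values) can be embedded into linear processes (and values) as follows:

$$[\star]_{\mathsf{V}} = \star; \qquad [x]_{\mathsf{V}} = x; \qquad [\lambda x.P]_{\mathsf{V}} = \lambda{!}x.[P]_{\mathsf{P}};$$
$$[\mathbf{0}]_{\mathsf{P}} = \mathbf{0}; \qquad [P \parallel Q]_{\mathsf{P}} = [P]_{\mathsf{P}} \parallel [Q]_{\mathsf{P}}; \qquad [a(x).P]_{\mathsf{P}} = a(!x).[P]_{\mathsf{P}};$$
$$[\overline{a}\langle V\rangle.P]_{\mathsf{P}} = \overline{a}\langle ![V]_{\mathsf{V}}\rangle.[P]_{\mathsf{P}}; \qquad [(\nu a)P]_{\mathsf{P}} = (\nu a)[P]_{\mathsf{P}}; \qquad [V\,W]_{\mathsf{P}} = [V]_{\mathsf{V}}\,{!}[W]_{\mathsf{V}}.$$

Linear abstractions and linear inputs never appear in processes obtained via $[\cdot]_{\mathsf{P}}$: whenever a value is sent
through a channel or passed to a function, it is made duplicable. The embedding induces a simulation of
processes by linear processes:

Proposition 1 (Simulation) For every process P, $[P]_{\mathsf{P}}$ is well-formed. Moreover, if $P \rightarrow_{\mathsf{P}} Q$, then
$[P]_{\mathsf{P}} \rightarrow_{\mathsf{L}} [Q]_{\mathsf{P}}$.

By applying the map $[\cdot]_{\mathsf{P}}$ to our example process, SERVER, a linear process $\mathrm{SERVER}_!$ can be obtained:

$$\mathrm{SERVER}_! = (\nu a)(\mathrm{COMP}_!(!\star) \parallel \overline{a}\langle !\mathrm{COMP}_!\rangle);$$
$$\mathrm{COMP}_! = \lambda{!}z.(a(!x).(b(!y).\overline{c}\langle !y\rangle.\overline{a}\langle !x\rangle \parallel x(!\star))).$$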



4 Termination in Bounded Time: Soft Processes 

In view of Proposition 1, LHOπ admits nonterminating processes. Indeed, the prototypical divergent
process from Section 2 can be translated into a linear process:

$$\mathrm{OMEGA}_! = (\nu a)((\mathrm{DELTA}_!(!\star)) \parallel \overline{a}\langle !\mathrm{DELTA}_!\rangle), \quad\text{where } \mathrm{DELTA}_! = \lambda{!}y.(a(!x).(x(!\star) \parallel \overline{a}\langle !x\rangle)).$$

$\mathrm{OMEGA}_!$ cannot be terminating, since OMEGA itself does not terminate.

The more expressive syntax, however, may reveal why a process does not terminate. If we trace its
execution, we see that the divergence of $\mathrm{OMEGA}_!$ comes from $\mathrm{DELTA}_!$, where x appears free twice in
the inner body $(x(!\star) \parallel \overline{a}\langle !x\rangle)$: once in the scope of the ! operator, once outside any !. When a value is
substituted for x (and thus duplicated) one of the two copies interacts with the other, being copied again.
It is this cyclic phenomenon (called modal impredicativity in [11]) that is responsible for nontermination.

Figure 4: Processes and values in SHOπ.

The Linear Logic community has studied in depth the impact of unbalanced and multiple boxes on
the complexity of computation, and singled out several (different) sufficient conditions for ensuring not
only termination, but termination with prescribed bounds. We will adopt here the conditions arising
from Lafont's analysis (and formalized in Soft Linear Logic, SLL [10]), leaving to further work the
usage of other criteria. We thus introduce the calculus SHOπ of soft processes, for which we will prove
termination in polynomial time. In our view, this is the main contribution of the paper.

Soft processes share the same grammar and operational semantics as linear processes (Section 3),
but are subjected to stronger constraints, expressed by the well-formation rules of Figure 4. A context $\Gamma$
can now contain a variable x in at most one of three different forms: $x$, $!x$, or $\#x$. The implicit contraction
(or weakening) happens on #-marked variables, but none of them may ever appear inside a !-box. In the
last rule it is implicitly assumed that the context $\Gamma$ in the premise is composed only of linear variables,
if any (otherwise the context $!\Gamma$ of the conclusion would be ill-formed). Indeed, the rules amount to saying
that, if $\Gamma \vdash_{\mathsf{SP}} P$ (and similarly for values), then: (i) any linear variable $x$ in $\Gamma$ occurs exactly once in P,
and at depth 0 (this is as in LHOπ); (ii) any nonlinear variable $!x$ occurs exactly once in P, and at depth
1; (iii) any nonlinear variable $\#x$ may occur any number of times in P, but all of its occurrences must be at
level 0. As a result, any bound variable appears in the scope of the binder always at the same level. As in
LHOπ, well-formed processes are closed by reduction:

Proposition 2 If $\vdash_{\mathsf{SP}} P$ and $P \rightarrow_{\mathsf{L}} Q$, then $\vdash_{\mathsf{SP}} Q$.

The nonterminating process $\mathrm{OMEGA}_!$ which started this section is not a soft process, because the
bound variable x appears twice, once at depth 0 and once at depth 1. And this is good news: we would like
SHOπ to be a calculus of terminating processes, at least! But this has some drawbacks: also $\mathrm{SERVER}_!$
is not a soft process. Indeed, SHOπ is not able to discriminate between $\mathrm{SERVER}_!$ and $\mathrm{OMEGA}_!$, which
share a very similar structure. We will come back to this after we have proved our main result on the
polynomial bound on reduction sequences for soft processes.
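
The observation above, as an added example that is not part of the paper: a Python sketch of the embedding of Section 3.1 and of the depth condition (every bound variable occurs at a single depth), run on OMEGA and on SERVER as written in Section 2. The tuple encoding of terms and all function names are assumptions of this example, and the check covers only this necessary condition, not the full well-formation rules of Figure 4.

```python
# Added example, not code from the paper. Tuple encoding chosen here:
#   values:    ("unit",) ("var", x) ("lam", x, P) ("lam!", x, P) ("bang", V)
#   processes: ("nil",) ("par", P, Q) ("in", a, x, P) ("in!", a, x, P)
#              ("out", a, V, P) ("nu", a, P) ("app", V, W)

def embed(t):
    """The map [.]_P / [.]_V of Section 3.1: HOπ term -> LHOπ term."""
    tag = t[0]
    if tag in ("unit", "var", "nil"):
        return t
    if tag == "lam":                       # [λx.P] = λ!x.[P]
        return ("lam!", t[1], embed(t[2]))
    if tag == "par":
        return ("par", embed(t[1]), embed(t[2]))
    if tag == "in":                        # [a(x).P] = a(!x).[P]
        return ("in!", t[1], t[2], embed(t[3]))
    if tag == "out":                       # [a<V>.P] = a<![V]>.[P]
        return ("out", t[1], ("bang", embed(t[2])), embed(t[3]))
    if tag == "nu":
        return ("nu", t[1], embed(t[2]))
    if tag == "app":                       # [V W] = [V] ![W]
        return ("app", embed(t[1]), ("bang", embed(t[2])))
    raise ValueError(f"not an HOπ term: {tag}")

def occ_depths(x, t, d=0):
    """Depths (number of enclosing !) of the free occurrences of x in t."""
    tag = t[0]
    if tag == "var":
        return [d] if t[1] == x else []
    if tag in ("unit", "nil"):
        return []
    if tag == "bang":
        return occ_depths(x, t[1], d + 1)
    if tag in ("lam", "lam!"):
        return [] if t[1] == x else occ_depths(x, t[2], d)
    if tag in ("in", "in!"):
        return [] if t[2] == x else occ_depths(x, t[3], d)
    if tag == "out":
        return occ_depths(x, t[2], d) + occ_depths(x, t[3], d)
    if tag == "nu":
        return occ_depths(x, t[2], d)
    return occ_depths(x, t[1], d) + occ_depths(x, t[2], d)    # par, app

def mixed_depth_binders(t):
    """Bound variables whose occurrences sit at more than one depth."""
    bad = []
    if t[0] in ("lam", "lam!", "in", "in!"):
        x, body = t[-2], t[-1]
        if len(set(occ_depths(x, body))) > 1:
            bad.append(x)
    for sub in t[1:]:
        if isinstance(sub, tuple):          # names are strings, subterms tuples
            bad += mixed_depth_binders(sub)
    return bad

UNIT, NIL = ("unit",), ("nil",)
# OMEGA and SERVER of Section 2, written in HOπ (outputs continue with 0).
DELTA = ("lam", "y", ("in", "a", "x", ("par",
         ("app", ("var", "x"), UNIT), ("out", "a", ("var", "x"), NIL))))
OMEGA = ("nu", "a", ("par", ("app", DELTA, UNIT), ("out", "a", DELTA, NIL)))
COMP = ("lam", "z", ("in", "a", "x", ("par",
        ("in", "b", "y", ("out", "c", ("var", "y"),
                          ("out", "a", ("var", "x"), NIL))),
        ("app", ("var", "x"), UNIT))))
SERVER = ("nu", "a", ("par", ("app", COMP, UNIT), ("out", "a", COMP, NIL)))
# Constructed contrast term: a(!x).(x ⋆ | x ⋆), with x only at depth 0.
LEVEL0 = ("in!", "a", "x", ("par", ("app", ("var", "x"), UNIT),
                                   ("app", ("var", "x"), UNIT)))

if __name__ == "__main__":
    for name, t in (("OMEGA_!", embed(OMEGA)), ("SERVER_!", embed(SERVER)),
                    ("LEVEL0", LEVEL0)):
        print(name, sorted(set(mixed_depth_binders(t))))
```

Both embedded processes are rejected for the same variable x, which is the sense in which the depth condition alone cannot tell the server from the divergent process.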



U. Dal Lago & S. Martini & D. Sangiorgi 






4.1 Feasible Termination 

This section is devoted to the proof of feasible termination for soft processes. We prove that the length 
of any reduction sequence from a soft process P is bounded by a polynomial on the size of P. Moreover, 
the size of any process along the reduction is itself polynomially bounded. 

The proof proceeds similarly to the one for SLL proof-nets by Lafont [10]. The idea is relatively 
simple: a weight is assigned to every process and is proved to decrease at any normalization step. The 
weight of a process can be proved to be an upper bound on the size of the process. Finally, a polynomial 
bound on the weight of a process holds. Altogether, this implies feasible termination. 

Before embarking on the proofs, we need some preliminary definitions. First of all, the size of a
process P (respectively, a value V) is defined simply as the number of symbols in it and is denoted as
$|P|$ (respectively, $|V|$). Another crucial attribute of processes and values is their box depth, namely the
maximum nesting of ! operators inside them; for a process P and a value V, it is denoted either as $\mathbb{B}(P)$
or as $\mathbb{B}(V)$. The duplicability factor $\mathbb{D}(P)$ of a process P is the maximum number of free occurrences of
a variable x for every binder in P; similarly for values. The precise definition follows, where $\mathrm{FO}(x,P)$
denotes the number of free occurrences of x in P.

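$$\mathbb{D}(\star) = \mathbb{D}(x) = \mathbb{D}(\mathbf{0}) = 1; \qquad \mathbb{D}(\lambda x.P) = \mathbb{D}(\lambda{!}x.P) = \max\{\mathbb{D}(P), \mathrm{FO}(x,P)\};$$
$$\mathbb{D}(!V) = \mathbb{D}(V); \qquad \mathbb{D}(P \parallel Q) = \max\{\mathbb{D}(P), \mathbb{D}(Q)\};$$
$$\mathbb{D}(a(x).P) = \mathbb{D}(a(!x).P) = \max\{\mathbb{D}(P), \mathrm{FO}(x,P)\}; \qquad \mathbb{D}(\overline{a}\langle V\rangle.P) = \max\{\mathbb{D}(V), \mathbb{D}(P)\};$$
$$\mathbb{D}((\nu a)P) = \mathbb{D}(P); \qquad \mathbb{D}(V\,W) = \max\{\mathbb{D}(V), \mathbb{D}(W)\}.$$

Finally, we can define the weight of processes and values. A notion of weight parametrized on a natural
number n can be given as follows, by induction on the structure of processes and values:

$$\mathbb{W}_n(\star) = \mathbb{W}_n(x) = \mathbb{W}_n(\mathbf{0}) = 1; \qquad \mathbb{W}_n(\lambda x.P) = \mathbb{W}_n(\lambda{!}x.P) = \mathbb{W}_n(P);$$
$$\mathbb{W}_n(!V) = n \cdot \mathbb{W}_n(V) + 1; \qquad \mathbb{W}_n(P \parallel Q) = \mathbb{W}_n(P) + \mathbb{W}_n(Q) + 1;$$
$$\mathbb{W}_n(a(x).P) = \mathbb{W}_n(a(!x).P) = \mathbb{W}_n(P) + 1; \qquad \mathbb{W}_n(\overline{a}\langle V\rangle.P) = \mathbb{W}_n(V) + \mathbb{W}_n(P);$$
$$\mathbb{W}_n((\nu a)P) = \mathbb{W}_n(P); \qquad \mathbb{W}_n(V\,W) = \mathbb{W}_n(V) + \mathbb{W}_n(W) + 1.$$

Now, the weight $\mathbb{W}(P)$ of a process P is $\mathbb{W}_{\mathbb{D}(P)}(P)$. Similarly for values.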

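The first auxiliary result is about structural congruence. As one would expect, two structurally
congruent terms have identical size, box depth, duplicability factor and weight:

Proposition 3 If $P \equiv Q$, then $|P| = |Q|$, $\mathbb{B}(P) = \mathbb{B}(Q)$, $\mathbb{D}(P) = \mathbb{D}(Q)$. Moreover, for every n, $\mathbb{W}_n(P) = \mathbb{W}_n(Q)$.

Observe that Proposition 3 would not hold in presence of structural congruence rules like $P \parallel \mathbf{0} \equiv P$ and
$(\nu a)\mathbf{0} \equiv \mathbf{0}$.

How does $\mathbb{D}(P)$ evolve during reduction? Actually, it cannot grow:

Lemma 2 If $\vdash_{\mathsf{SP}} Q$ and $Q \rightarrow_{\mathsf{L}} P$, then $\mathbb{D}(Q) \geq \mathbb{D}(P)$.

Proof. As an auxiliary lemma, we can prove that whenever $\Gamma \vdash_{\mathsf{SP}} P$, $\vdash_{\mathsf{SV}} V$ and $\Delta \vdash_{\mathsf{SV}} W$, both
$\mathbb{D}(P[x/V]) \leq \max\{\mathbb{D}(P), \mathbb{D}(V)\}$ and $\mathbb{D}(W[x/V]) \leq \max\{\mathbb{D}(W), \mathbb{D}(V)\}$. This is an easy induction on
derivations for $\Gamma \vdash_{\mathsf{SP}} P$ and $\Delta \vdash_{\mathsf{SV}} W$. The thesis follows. □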

The weight of a process is an upper bound to the size of the process itself. This means that bounding 
the weight of a process implies bounding its size. Moreover, the weight of a process strictly decreases at 
any reduction step. 
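
Lemma 3 For every P, $\mathbb{W}(P) \geq |P|$.

Proof. By induction on P, strengthening the induction hypothesis with a similar statement for values. In
the induction, observe that $\mathbb{D}(P), \mathbb{D}(V) \geq 1$ for every process P and value V. □

Proposition 4 If $\vdash_{\mathsf{SP}} Q$ and $Q \rightarrow_{\mathsf{L}} P$, then $\mathbb{W}(Q) > \mathbb{W}(P)$.

Proof. As an auxiliary result, we need to prove the following (slight modifications of) substitution
lemmas (let $\vdash_{\mathsf{SV}} V$ and $n \geq m \geq 1$):

• If $\pi : \Gamma, x \vdash_{\mathsf{SP}} R$, then $\mathbb{W}_m(R[x/V]) \leq \mathbb{W}_n(R) + \mathbb{W}_n(V)$;

• If $\pi : \Gamma, x \vdash_{\mathsf{SV}} W$, then $\mathbb{W}_m(W[x/V]) \leq \mathbb{W}_n(W) + \mathbb{W}_n(V)$;

• If $\pi : \Gamma, \#x \vdash_{\mathsf{SP}} R$, then $\mathbb{W}_m(R[x/V]) \leq \mathbb{W}_n(R) + \mathrm{FO}(x,R) \cdot \mathbb{W}_n(V)$;

• If $\pi : \Gamma, \#x \vdash_{\mathsf{SV}} W$, then $\mathbb{W}_m(W[x/V]) \leq \mathbb{W}_n(W) + \mathrm{FO}(x,W) \cdot \mathbb{W}_n(V)$;

• If $\pi : \Gamma, !x \vdash_{\mathsf{SP}} R$, then $\mathbb{W}_m(R[x/V]) \leq \mathbb{W}_n(R) + n \cdot \mathbb{W}_n(V)$;

• If $\pi : \Gamma, !x \vdash_{\mathsf{SV}} W$, then $\mathbb{W}_m(W[x/V]) \leq \mathbb{W}_n(W) + n \cdot \mathbb{W}_n(V)$;

This is an induction on $\pi$. An inductive case:

• If $\pi$ is:

$$\dfrac{\Gamma, x \vdash_{\mathsf{SV}} Z}{!\Gamma, !x, \#\Delta \vdash_{\mathsf{SV}} {!}Z}$$

then $W = {!}Z$ and $(!Z)[x/V]$ is simply $!(Z[x/V])$. As a consequence:

$$\mathbb{W}_m(W[x/V]) = m \cdot \mathbb{W}_m(Z[x/V]) + 1 \leq n \cdot (\mathbb{W}_n(Z) + \mathbb{W}_n(V)) + 1 = n \cdot \mathbb{W}_n(Z) + n \cdot \mathbb{W}_n(V) + 1$$
$$= \mathbb{W}_n(!Z) + n \cdot \mathbb{W}_n(V) = \mathbb{W}_n(W) + n \cdot \mathbb{W}_n(V).$$

With the above observations in hand, we can easily prove the thesis by induction on any derivation $\rho$ of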

• Suppose p is 

a{V).R\\a(x).S-> L R \\S[x/V] 

From hsp a(V).R | | a(x).S, it follows that hsp R, hsv V and x h$p 5. As a consequence, since 
B(<2) < D(P), 

W(P) = W(a(V).tf || a(x).S) = W D(P) (V) + W D(P) (#) + W D(P) (S) +2 

> W D(e) (S[x/V] ) + W D(G) (/?) + 2 > W D(G) (S[x/V] ) + W D(G) (R) + 1 = W D(G) (S[x/V ] 1 1 /?) . 

• Suppose p is 

a(!V).tf || a(!x).S-> L # 1 1 S[x/V] 
From h S p a{V).R \ \ a(x).S, it follows that h S p /?, h S v V and either Ix h SP 5 or #x h S p S. In the 
first case: 

W(P) = W(S(!V)./J || a(jc).5) = W D(P) (!V) + W D(P) (tf) + W ro(P) (S) + 2 

= B(P) ■ W d( p) (V) + W D(P) (/?) + W D(P) (S) + 3 > W D(G) (5[x/y] ) + W D(G) (/?) + 3 

> w D(G) (5[x/y ] ) + w D(G) (R) + i = w D(G) (5[x/y ] 1 1 ) . 

In the second case: 

W(/>) = W{a(W).R\\a(x).S) = W D(P) (!V) + W ro(P) (tf) + W D(P) (5) + 2 
= B(P) ■ W D(P) (V) + W D(P) (R) + W D(P) (5) + 3 

> FO(x, S) ■ W D(P) (V ) + W D(P) (/?) + W D(P) (5) + 3 

> W D(G) (5[x/y]) + W m) (R) + 3 > W D(G) (5[x/y]) +W D(G) (/?) + 1 = W D(G) (5[x/y] \\R). 
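
• Suppose $\rho$ is

$$\dfrac{\sigma : R \rightarrow_{\mathsf{L}} S}{R \parallel T \rightarrow_{\mathsf{L}} S \parallel T}$$

From $\vdash_{\mathsf{SP}} R \parallel T$, it follows that $\vdash_{\mathsf{SP}} R$ and $\vdash_{\mathsf{SP}} T$. By induction hypothesis on $\sigma$, this yields
$\mathbb{W}(R) > \mathbb{W}(S)$, and in turn $\mathbb{W}(R \parallel T) = \mathbb{W}(R) + \mathbb{W}(T) + 1 > \mathbb{W}(S) + \mathbb{W}(T) + 1 = \mathbb{W}(S \parallel T)$.
This concludes the proof. □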

Lemma 3 and Proposition 4 together imply that the weight is an upper bound to both the number of
reduction steps a process can perform and the size of any reduct. So, the only missing piece is bounding
the weight itself:

Proposition 5 For every process P, $\mathbb{W}(P) \leq |P|^{\mathbb{B}(P)+1}$.

Proof. By induction on P, enriching the thesis with an analogous statement for values: $\mathbb{W}(V) \leq |V|^{\mathbb{B}(V)+1}$. □

Putting all the ingredients together, we reach our soundness result with respect to polynomial time:

Theorem 1 There is a family of polynomials $\{p_n\}_n$ such that for every process P and for every m, if
$P \rightarrow_{\mathsf{L}}^{m} Q$, then $m, |Q| \leq p_{\mathbb{B}(P)}(|P|)$.

The polynomials in Theorem 1 depend on terms, so the bound on the number of internal actions is not
polynomial, strictly speaking. Please observe, however, that all processes with the same box depth b are
governed by the same polynomial $p_b$, similarly to what happens in Soft Linear Logic.
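
The measures of this section computed on concrete terms, as an added example that is not part of the paper: the duplicability factor, the weight and one-step reduction following Figure 3, applied to a constructed process that satisfies conditions (i)-(iii) of Section 4 and to OMEGA_!. The tuple encoding, the function names and the process SOFT are assumptions of this example; the reducer looks for redexes only between the two immediate components of a parallel composition, without rearranging terms up to structural congruence.

```python
# Added example, not code from the paper. Tuple encoding chosen here:
#   values:    ("unit",) ("var", x) ("lam", x, P) ("lam!", x, P) ("bang", V)
#   processes: ("nil",) ("par", P, Q) ("in", a, x, P) ("in!", a, x, P)
#              ("out", a, V, P) ("nu", a, P) ("app", V, W)
BINDERS = ("lam", "lam!", "in", "in!")   # bound variable t[-2], body t[-1]

def kids(t):
    """Immediate subterms (channel and variable names are plain strings)."""
    return [s for s in t[1:] if isinstance(s, tuple)]

def fo(x, t):
    """FO(x, t): number of free occurrences of x in t."""
    if t[0] == "var":
        return int(t[1] == x)
    if t[0] in BINDERS and t[-2] == x:
        return 0                          # x is rebound here
    return sum(fo(x, s) for s in kids(t))

def dup(t):
    """Duplicability factor D(t): most occurrences bound by one binder."""
    here = fo(t[-2], t[-1]) if t[0] in BINDERS else 1
    return max([here, 1] + [dup(s) for s in kids(t)])

def w(n, t):
    """W_n(t), clause by clause as defined in the text."""
    tag = t[0]
    if tag in ("unit", "var", "nil"):
        return 1
    if tag == "bang":
        return n * w(n, t[1]) + 1
    if tag in ("lam", "lam!", "nu"):
        return w(n, t[-1])
    if tag in ("in", "in!"):
        return w(n, t[-1]) + 1
    if tag == "out":
        return w(n, t[2]) + w(n, t[3])
    return w(n, t[1]) + w(n, t[2]) + 1    # par, app

def weight(t):
    return w(dup(t), t)                   # W(t) = W_{D(t)}(t)

def subst(t, x, v):
    """t[x/v] for a closed value v, so no variable capture can occur."""
    if t[0] == "var":
        return v if t[1] == x else t
    if t[0] in BINDERS and t[-2] == x:
        return t
    return tuple(subst(s, x, v) if isinstance(s, tuple) else s for s in t)

def payload(binder, v):
    """Value a binder receives from v, or None if the two do not match."""
    if binder[0].endswith("!"):           # nonlinear binder: needs !V, unboxes it
        return v[1] if v[0] == "bang" else None
    return v                              # linear binder: V as it is

def step(t):
    """One reduction step following Figure 3, or None if none is found."""
    if t[0] == "app" and t[1][0] in ("lam", "lam!"):
        v = payload(t[1], t[2])
        return None if v is None else subst(t[1][2], t[1][1], v)
    if t[0] == "nu":
        r = step(t[2])
        return None if r is None else ("nu", t[1], r)
    if t[0] == "par":
        for i, j in ((1, 2), (2, 1)):     # output on side i, input on side j
            o, p = t[i], t[j]
            if o[0] == "out" and p[0] in ("in", "in!") and o[1] == p[1]:
                v = payload(p, o[2])
                if v is not None:
                    new = {i: o[3], j: subst(p[3], p[2], v)}
                    return ("par", new[1], new[2])
        for i in (1, 2):                  # otherwise reduce inside a component
            r = step(t[i])
            if r is not None:
                return ("par", r, t[2]) if i == 1 else ("par", t[1], r)
    return None

def weights_along(t, limit):
    """Weights of t and of its successive reducts, for at most `limit` steps."""
    seen = [weight(t)]
    while limit > 0 and (t := step(t)) is not None:
        seen.append(weight(t))
        limit -= 1
    return seen

UNIT, NIL = ("unit",), ("nil",)
# Constructed soft process: (νa)( a<!(λz. c<z>.0)>.0 | a(!x).(x ⋆ | x ⋆) )
FWD = ("lam", "z", ("out", "c", ("var", "z"), NIL))
SOFT = ("nu", "a", ("par", ("out", "a", ("bang", FWD), NIL),
        ("in!", "a", "x", ("par", ("app", ("var", "x"), UNIT),
                                  ("app", ("var", "x"), UNIT)))))
# OMEGA_! as given in the text; x occurs at depths 0 and 1, so it is not soft.
DELTA = ("lam!", "y", ("in!", "a", "x", ("par",
         ("app", ("var", "x"), ("bang", UNIT)),
         ("out", "a", ("bang", ("var", "x")), NIL))))
OMEGA = ("nu", "a", ("par", ("app", DELTA, ("bang", UNIT)),
                            ("out", "a", ("bang", DELTA), NIL)))

if __name__ == "__main__":
    print(weights_along(SOFT, 50), weights_along(OMEGA, 2))
```

On SOFT the weights are 15, 11, 9, 7, strictly decreasing as Proposition 4 requires, and the three steps stay below the initial weight. On OMEGA_! they are 40, 36, 42, so the weight is not a termination measure outside the soft fragment.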



4.2 Completeness? 

Soundness of a formal system with respect to some semantic criterion is useless unless one shows that
the system is also expressive enough. In implicit computational complexity, programming languages
are usually proved both sound and extensionally complete with respect to a complexity class. Not only
any program can be normalized in bounded time, but every function in the class can be computed by
a program in the system. Preliminary to any completeness result for SHOπ, however, would be the
definition of what a complexity class for processes should be (as opposed to the well known definition
for functions or problems). This is an elusive — and very interesting — problem that we cannot tackle in
this preliminary work and that we leave for future work.

Certainly the expressiveness of SHOπ is weak if we take into account the visible actions of the
processes (i.e., their interactions with the environment). This is due to the limited possibilities of copying,
and hence also of writing recursive process behaviours. Indeed, one cannot consider SHOπ, on its own,
as a general-purpose calculus for concurrency. However, we believe that the study of SHOπ, or similar
languages, could be fruitful in establishing bounds on the internal behaviour of parts, or components,
of a concurrent system; for instance, on the time and space that a process may take to answer a query
from another process (in this case the SHOπ techniques would be applied to the parts of the syntax of the
process that describe its internal computation after the query). The next section considers a possible direction
of development of SHOπ, allowing more freedom on the external actions of the processes.

We are convinced, on the other hand, that a minimal completeness result can be given, namely the
possibility of representing all polynomial time functions (or problems) in SHOπ. Possibly, this could
be done by encoding Soft Linear Logic into SHOπ through a continuation-passing style translation. We
leave this to future work.

5 An Extension to SHOπ: Spawning

In this section we propose an extension of SHOπ that allows us to accept processes such as $\mathrm{SERVER}_!$,
capable of performing infinitely many interactions with their external environment while maintaining
polynomial bounds on the number of internal steps they can make between any two external actions.

The reason why $\mathrm{SERVER}_!$ is not a SHOπ process has to do with the bound variable x in the
subprocess $\mathrm{COMP}_!$:

$$\mathrm{COMP}_! = \lambda{!}z.(a(!x).(b(!y).\overline{c}\langle !y\rangle.x(!\star) \parallel \overline{a}\langle !x\rangle)).$$

The variable appears twice in the body $(b(!y).\overline{c}\langle !y\rangle.x(!\star) \parallel \overline{a}\langle !x\rangle)$, at two different !-depths. This pattern
is not permitted in SHOπ, because otherwise also the nonterminating process $\mathrm{OMEGA}_!$ would be in the
calculus. There is however a major difference between $\mathrm{OMEGA}_!$ and $\mathrm{SERVER}_!$: in $\mathrm{COMP}_!$, one of the
two occurrences of x (the one at depth 0) is part of the continuation of an input on b; moreover, such
channel b is only used by $\mathrm{SERVER}_!$ in input — $\mathrm{SERVER}_!$ does not own the output capability. This implies
that whatever process will substitute that occurrence of x, it will be able to interact with the environment
only after an input on b is performed. So, its "computational weight" does not affect the number of
reduction steps made by the process before such an input occurs. This phenomenon, which does not
occur in $\mathrm{OMEGA}_!$, can be seen as a form of process spawning: $\mathrm{COMP}_!$ can be copied an unbounded
number of times, but the rhythm of the copying is dictated by the input actions at b.

Consider a subset JP'tf of ^ (where is the set of all channels which can appear in processes). The
process calculus EHOπ( ) is an extension of SHOπ parametrized on J"io. What EHOπ( ) adds
to SHOπ is precisely the possibility of marking a subprocess as a component which can be spawned.
This is accomplished with a new operator □. Channels in are called input channels, because outputs
are forbidden on them. The syntax of processes and values is enriched as follows:

$$P ::= \ldots \mid a(\Box x).P;$$
$$V ::= \ldots \mid \lambda\Box x.P \mid \Box V;$$

but outputs can only be performed on channels not in J?^. The term $\Box V$ is a value (i.e., a parametrized
process) which can be spawned. Spawning itself is performed by passing a process $\Box V$ to either an
abstraction $\lambda\Box x.P$ or an input $a(\Box x).P$. In both cases, exactly one occurrence of x in P is in the scope of a
□ operator, and only one of the following two conditions holds:

1. The occurrence of x in the scope of a □ operator is part of the continuation of an input channel a, 
and all other occurrences of x in P are at depth 0. 

2. There are no other occurrences of x in P. 

The foregoing constraints are enforced by the well-formation rules in Figure 5. The well-formation rules
of EHOπ($\mathcal{IC}$) are considerably more complex than the ones of SHOπ. Judgements have the form
$\Gamma \vdash_{\mathsf{EP}} P$ or $\Gamma \vdash_{\mathsf{EV}} V$, where a variable $x$ can occur in
$\Gamma$ in one of five different forms:

• As either $x$, $!x$ or $\#x$: here the meaning is exactly the one from SHOπ (see Section 4).

• As $\Box x$: the variable $x$ then appears exactly once in $P$, in the scope of a spawning operator □.

• As Ox: x occurs at least once in P, once in the scope of a □ operator (itself part of the continuation 
for an input channel), and possibly many times at depth 0. 

A variable marked as Ox can "absorb" the same variable declared as #x in binary well-formation rules
(i.e. the ones for applications, outputs, etc.). Note the special well-formation rules that are only
applicable with an input channel: in that case a portion of the context □A becomes OA.

The operational semantics is obtained by adding to Figure 3 the following two rules:

$$\overline{a}\langle\Box R\rangle.P \parallel a(\Box x).Q \to_{\mathsf{L}} P \parallel Q[x/R] \qquad (\lambda\Box x.P)\,\Box Q \to_{\mathsf{L}} P[x/Q]$$
[Figure 5: Processes and values in EHOπ($\mathcal{IC}$).]

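As expected,

Lemma 4 (Subject Reduction) If $\vdash_{\mathsf{EP}} P$ and $P \to_{\mathsf{L}} Q$, then $\vdash_{\mathsf{EP}} Q$.

The process $\mathrm{SERVER}_!$ is an EHOπ($\mathcal{IC}$) process once $\mathrm{COMP}_!$ is considered as a
spawned process and $b \in \mathcal{IC}$: define

$$
\begin{aligned}
\mathrm{SERVER}_\Box &= (\nu a)(\mathrm{COMP}_\Box(!\star) \parallel \overline{a}\langle\Box\mathrm{COMP}_\Box\rangle); \\
\mathrm{COMP}_\Box &= \lambda !z.(a(\Box x).(b(!y).\overline{c}\langle !y\rangle.\overline{a}\langle\Box x\rangle \parallel x(!\star))).
\end{aligned}
$$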

and consider the following derivations: 

[Derivation trees. The first concludes
$\emptyset \vdash_{\mathsf{EP}} (\nu a)(\mathrm{COMP}_\Box(!\star) \parallel \overline{a}\langle\Box\mathrm{COMP}_\Box\rangle)$;
the second, which uses the side condition $b \in \mathcal{IC}$, concludes
$\vdash_{\mathsf{EV}} \lambda !z.a(\Box x).(b(!y).\overline{c}\langle !y\rangle.\overline{a}\langle\Box x\rangle \parallel x(!\star))$.]

The use in EHOπ($\mathcal{IC}$) of a distinct set of input channels may still be seen as rigid. For
instance, it prevents us from accepting $\mathrm{SERVER}_\Box$ in parallel with a client of the server
itself (because the client uses the request channel of the server in output); similarly, it prevents us
from accepting reentrant servers (servers that can invoke themselves). As pointed out earlier, we are
mainly interested in techniques capable of ensuring polynomial bounds on components of concurrent
systems (so for instance, bounds on the server, rather than on the composition of the server and a
client). In any case, this paper represents a preliminary investigation, and further refinements or
extensions of EHOπ($\mathcal{IC}$) may well be possible.

5.1 Feasible Termination 

The proof of feasible termination for EHOπ($\mathcal{IC}$) is similar in structure to the one for SHOπ
(see Section 4.1). However, some additional difficulties arise due to the presence of spawning.

The auxiliary notions we needed in the proof of feasible termination for SHOπ can be easily extended
to EHOπ($\mathcal{IC}$) as follows. The architecture of the soundness proof is similar to the one for
linear processes. The box depth, duplicability factor and weight of a process are defined as for soft
processes, plus:

$$
\begin{aligned}
\mathbb{B}(\lambda\Box x.P) &= \mathbb{B}(P); & \mathbb{D}(\lambda\Box x.P) &= \max\{\mathbb{D}(P), \mathrm{FO}(x,P)\}; & \mathbb{W}_n(\lambda\Box x.P) &= \mathbb{W}_n(P); \\
\mathbb{B}(\Box V) &= \mathbb{B}(V) + 1; & \mathbb{D}(\Box V) &= \mathbb{D}(V); & \mathbb{W}_n(\Box V) &= n \cdot \mathbb{W}_n(V) + 1; \\
\mathbb{B}(a(\Box x).P) &= \mathbb{B}(P); & \mathbb{D}(a(\Box x).P) &= \max\{\mathbb{D}(P), \mathrm{FO}(x,P)\}; & \mathbb{W}_n(a(\Box x).P) &= \mathbb{W}_n(P) + 1.
\end{aligned}
$$

Informally, the spawning operator □ acts as ! in all the definitions above. The weight $\mathbb{W}(P)$,
still defined as $\mathbb{W}_{\mathbb{D}(P)}(P)$, is again an upper bound to the size of $P$, but is not
guaranteed to decrease at any reduction step. In particular, spawning can make $\mathbb{W}(P)$ bigger.
As a consequence, two new auxiliary notions are needed. The first one is similar to the weight of
processes and values, but is computed without taking into account whatever happens after an input on
a channel $a \in \mathcal{IC}$. It is parametric on a natural number $n$ and is defined as follows:

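$$
\begin{aligned}
\mathbb{I}_n(\star) = \mathbb{I}_n(x) = \mathbb{I}_n(0) &= 1 \\
\mathbb{I}_n(!V) = \mathbb{I}_n(\Box V) &= n \cdot \mathbb{I}_n(V) + 1 \\
\mathbb{I}_n(a(x).P) = \mathbb{I}_n(a(!x).P) = \mathbb{I}_n(a(\Box x).P) &= \begin{cases} 0 & \text{if } a \in \mathcal{IC} \\ \mathbb{I}_n(P) + 1 & \text{otherwise} \end{cases} \\
\mathbb{I}_n((\nu a)P) &= \mathbb{I}_n(P) \\
\mathbb{I}_n(\lambda x.P) = \mathbb{I}_n(\lambda !x.P) = \mathbb{I}_n(\lambda\Box x.P) &= \mathbb{I}_n(P) \\
\mathbb{I}_n(\overline{a}\langle V\rangle.P) &= \mathbb{I}_n(V) + \mathbb{I}_n(P) \\
\mathbb{I}_n(P \parallel Q) &= \mathbb{I}_n(P) + \mathbb{I}_n(Q) + 1
\end{aligned}
$$

The weight before input $\mathbb{I}(P)$ of a process $P$ is simply $\mathbb{I}_{\mathbb{D}(P)}(P)$. As we
will see, $\mathbb{I}(P)$ is guaranteed to decrease at any reduction step, but this time it is not an
upper bound to the size of the underlying process. The second auxiliary notion captures the potential
growth of processes due to spawning and is again parametric on a natural number $n$:

$$
\begin{aligned}
\mathbb{P}_n(\star) = \mathbb{P}_n(x) = \mathbb{P}_n(0) &= 0 \\
\mathbb{P}_n(!V) &= n \cdot \mathbb{P}_n(V) \\
\mathbb{P}_n(P \parallel Q) &= \mathbb{P}_n(P) + \mathbb{P}_n(Q) \\
\mathbb{P}_n(\overline{a}\langle V\rangle.P) &= \mathbb{P}_n(V) + \mathbb{P}_n(P) \\
\mathbb{P}_n(VW) &= \mathbb{P}_n(V) + \mathbb{P}_n(W)
\end{aligned}
$$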

Again, the potential growth $\mathbb{P}(P)$ of a process $P$ is $\mathbb{P}_{\mathbb{D}(P)}(P)$.
Proposition 3, Lemma 2 and Lemma 3 from Section 4.1 continue to hold for EHOπ($\mathcal{IC}$), and their
proofs remain essentially unchanged. Proposition 0] is true only if the weight before input replaces
the weight:

Proposition 6 If $\emptyset \vdash_{\mathsf{SP}} Q$ and $Q \to_{\mathsf{L}} P$ then $\mathbb{I}(Q) > \mathbb{I}(P)$.

The potential growth of a process $P$ cannot increase during reduction. Moreover, the weight can
increase, but at most by the decrease in the potential growth. Formally:

Proposition 7 If $\emptyset \vdash_{\mathsf{SP}} Q$ and $Q \to_{\mathsf{L}} P$, then $\mathbb{P}(Q) \geq \mathbb{P}(P)$ and
$\mathbb{W}(Q) + \mathbb{P}(Q) \geq \mathbb{W}(P) + \mathbb{P}(P)$.

Polynomial bounds on all the attributes of processes we have defined can be proved:

Proposition 8 For every process $P$, $\mathbb{W}(P) \leq |P|^{\mathbb{B}(P)+1}$, $\mathbb{I}(P) \leq |P|^{\mathbb{B}(P)+1}$
and $\mathbb{P}(P) \leq \mathbb{B}(P)\mathbb{W}(P)$.

And, as for SHOπ, we get a polynomial bound on the number of reduction steps from any process:

Theorem 2 There is a family of polynomials $\{p_n\}_{n \in \mathbb{N}}$ such that for every process $P$ and
for every $m$, if $P \to_{\mathsf{L}}^m Q$, then $m, |Q| \leq p_{\mathbb{B}(P)}(|P|)$.

Proofs for the results above have been elided, due to space constraints. Their structure, however,
reflects the corresponding proofs for SHOπ (see Section 4.1). As an example, the proofs of Propositions 6
and 7 are both structured around appropriate substitution lemmas.
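
The behaviour stated in Propositions 6 and 7 can be observed on $\mathrm{SERVER}_\Box$ itself. The following Python code is an added example, not part of the paper: it evaluates $\mathbb{W}_n$, $\mathbb{I}_n$ and $\mathbb{P}_n$ on $\mathrm{SERVER}_\Box$ and on the two processes it reduces to (application of $\mathrm{COMP}_\Box$ to $!\star$, then the spawn on $a$). It assumes $b \in \mathcal{IC}$, that $\mathbb{W}_n$ has the same clauses as $\mathbb{I}_n$ except that it never stops at an input, and that application adds 1 like parallel composition; the tuple encoding and all function names are illustrative.

```python
# Added example, not from the paper: the size measures of Section 5.1 evaluated
# on SERVER_box along its first two reduction steps.
IC = {"b"}                      # input channels: b is used only in input
STAR, NIL = ("star",), ("nil",)
BANG_STAR = ("bang", STAR)

def measure(t, n, kind):
    """kind 'W' = weight, 'I' = weight before input, 'P' = potential growth."""
    m = lambda u: measure(u, n, kind)
    unit = 0 if kind == "P" else 1          # P adds nothing for a constructor
    tag = t[0]
    if tag in ("star", "var", "nil"):
        return unit
    if tag == "bang":                       # !V
        return n * m(t[1]) + unit
    if tag == "box":                        # box V: P also charges n copies of W
        extra = n * measure(t[1], n, "W") if kind == "P" else 1
        return n * m(t[1]) + extra
    if tag in ("lam", "nu"):                # any abstraction, restriction
        return m(t[-1])
    if tag == "in":                         # ("in", channel, continuation)
        if kind != "W" and t[1] in IC:      # I and P stop at inputs on IC
            return 0
        return m(t[2]) + unit
    if tag == "out":                        # ("out", channel, value, continuation)
        return m(t[2]) + m(t[3])
    if tag in ("par", "app"):               # +1 on application is an assumption
        return m(t[1]) + m(t[2]) + unit
    raise ValueError(tag)

def inner(x):
    """b(!y).c<!y>.a<box x> || x(!*), for x a variable or a substituted value."""
    on_b = ("in", "b", ("out", "c", ("bang", ("var", "y")),
                        ("out", "a", ("box", x), NIL)))
    return ("par", on_b, ("app", x, BANG_STAR))

BODY = ("in", "a", inner(("var", "x")))     # a(box x).(...)
COMP = ("lam", BODY)                        # COMP_box
SEND = ("out", "a", ("box", COMP), NIL)     # a<box COMP_box>
STEPS = [("nu", ("par", ("app", COMP, BANG_STAR), SEND)),   # SERVER_box
         ("nu", ("par", BODY, SEND)),                       # after the application
         ("nu", ("par", NIL, inner(COMP)))]                 # after the spawn on a

def trace(n=2):
    return [{k: measure(t, n, k) for k in "WIP"} for t in STEPS]

def bounds_hold(n=2):
    r = trace(n)
    return all(a["I"] > b["I"] and a["P"] >= b["P"]
               and a["W"] + a["P"] >= b["W"] + b["P"] for a, b in zip(r, r[1:]))
```

For n = 2 the weight goes 52, 48, 58, so it grows at the spawn step, while the weight before input goes 28, 24, 14 and the sum of weight and potential growth goes 82, 78, 58.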

6 Conclusions 

The goal of this preliminary essay was to verify whether we could apply to process algebras the
technologies for resource control that have been developed in the so-called "light logics" and have been
successfully applied so far to paradigmatic functional programming. We deliberately adopted a
minimalistic approach: applications between processes restricted to values, the simplest available
logic, a purely linear language (i.e., no weakening/erasing on non-marked formulas), no types, no search
for maximal expressivity. In this way the result of the experiment would have a clear single outcome.
We believe this outcome is a clear positive, and that this paper demonstrates it.

Several issues must be investigated further, of course, so that this first experiment may become a
solid contribution. First, one may wonder whether other complexity-conscious fragments of linear logic
can be used in place of SLL as a guideline for box control. SLL is handy as a first try, because of its
simplicity, but we do believe that analogous results could be obtained starting from Light Affine Logic,
designed by Asperti and Roversi [2] after Girard's treatment of the purely linear case. This would also
allow unrestricted erasing of processes, leaving marked boxes only for duplication. Second, one should
identify a richer language of processes, still amenable to the soft (or light) treatment. Section 5
suggests a possible direction, but many others are possible. Third, there is the very interesting
problem of studying the notion of complexity class in the process realm.



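The remaining clauses of the potential growth $\mathbb{P}_n$:

$$
\begin{aligned}
\mathbb{P}_n(\lambda x.P) = \mathbb{P}_n(\lambda !x.P) = \mathbb{P}_n(\lambda\Box x.P) &= \mathbb{P}_n(P) \\
\mathbb{P}_n(\Box V) &= n \cdot \mathbb{W}_n(V) + n \cdot \mathbb{P}_n(V) \\
\mathbb{P}_n(a(x).P) = \mathbb{P}_n(a(!x).P) = \mathbb{P}_n(a(\Box x).P) &= \begin{cases} 0 & \text{if } a \in \mathcal{IC} \\ \mathbb{P}_n(P) & \text{otherwise} \end{cases} \\
\mathbb{P}_n((\nu a)P) &= \mathbb{P}_n(P)
\end{aligned}
$$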






In the paper, we have proved polynomial bounds for SHOπ, obtained from the Higher-Order
π-calculus by imposing constraints inspired by Soft Linear Logic. We have then considered an
extension of SHOπ, taking into account features specific to processes, notably the existence of
channels: in process calculi a reduction step does not need to be anonymous, as in the λ-calculus, but
may result from an interaction along a channel. An objective of the extension was to accept processes
that are programmed to have unboundedly many external actions (i.e., interactions with their
environment) but that remain polynomial on the internal work performed between any two external
activities. Our definition of the extended class, EHOπ($\mathcal{IC}$), relies on the notion of input
channel, that is, a channel that is used in a process only in input. This allows us to have more
flexibility in the permitted forms of copying. We have proposed EHOπ($\mathcal{IC}$) because this class
seems mathematically simple and practically interesting. These claims, however, need to be sustained
by more evidence. Further, other refinements of SHOπ are possible. Again, more experimentation with
examples is needed to understand where to focus attention.

Another question related to the interplay between internal and external actions of processes is whether 
the polynomial bounds on internal actions change when external actions are performed. 

Summarizing, we started with a question ("Can ICC be applied to process algebras?") and ended up 
with a positive answer and many more different questions. But this is a feature, and not a bug. 